penetration-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to discover, log, and include credential artifacts and raw command outputs (e.g., cat /etc/shadow, discovered credentials, flags) in reports, which requires the LLM to handle and potentially emit secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High risk: the content contains explicit, actionable instructions for reverse shells, credential harvesting (e.g., /etc/shadow), data exfiltration, brute-force attacks, privilege escalation, downloading/executing exploits, and persistence/pivoting techniques that can be used for unauthorized compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and read untrusted public content—e.g., wget [EXPLOIT_URL] to download exploits, wget https://github.com/.../linpeas.sh, curl the MITRE CVE API, and use searchsploit/exploit-db URLs—so the agent will ingest and interpret arbitrary third-party (user-generated/untrusted) content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains a runtime command that downloads and executes a remote script (wget ... https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh -O /tmp/linpeas.sh then chmod +x and run), which fetches and runs remote code during execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly directs the agent to install packages, download and execute exploits, perform privilege escalation (including sudo/kernel exploits), write and run scripts, and access sensitive system files (e.g. /etc/shadow), which actively modify and compromise the host/container state.